The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. Between September 2021 and April 2023, they were able to steal over $11 million from cryptocurrency wallets using victims’ credentials stolen in SMS phishing attacks targeting dozens of targets,…
Read MoreFive local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. The flaws were discovered by Qualys and are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. They were introduced in needrestart version 0.8, released in April 2014, and…
Read More‘This settlement demonstrates the department’s commitment to hold accountable those who overcharge the government through collusion or other unlawful conduct,’ said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division, in a statement. Over a period of four years Dell Technologies knowingly submitted high bids on US Army hardware…
Read More‘Through this program, we’re enhancing the incentives, product support and co-selling opportunities to help our services and ISV partners bring these solutions to market faster, reach more customers and grow their AI agent businesses,’ says Google Cloud’s global channel chief, Kevin Ichhpurani. Google Cloud is looking to scale AI agent sales and customer adoption to…
Read MoreApple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: Source link lol
Read MoreThe Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services.…
Read More
Cybercriminals have devised a novel method to cash out from stolen credit card details linked to mobile payment systems such as Apple Pay and Google Pay, dubbed ‘Ghost Tap,’ which relays NFC card data to money mules worldwide. The tactic builds upon the methods previously deployed by mobile malware like NGate, documented by ESET in…
Read MoreCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD)…
Read More
Microsoft has confirmed a new issue affecting Windows 24H2 systems and causing game audio to unexpectedly increase to full volume when using USB DAC sound systems. As the company explained in a support document published on Tuesday, this known issue occurs on Windows 24H2 gaming systems where affected gamers use a Creative Sound BlasterX G6 USB…
Read MoreUSDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure way to authenticate user identities without passwords. USDA’s adoption of FIDO highlights the importance of organizations moving away from password authentication and adopting more secure MFA technologies. This report offers examples…
Read More